Apache · Apache Cocoon · CVE-2023-49733
**Name of the Vulnerable Software and Affected Versions**
Apache Cocoon versions 2.2.0 through 2.2.x before 2.3.0
Apache Cocoon version 2.2.0
**Description**
The issue is related to an Improper Restriction of XML External Entity Reference, which allows users to inject malicious code into XML documents. This can lead to Remote Code Execution (RCE). Users are advised to upgrade to a fixed version to resolve the issue.
**Recommendations**
For Apache Cocoon versions 2.2.0 through 2.2.x before 2.3.0, upgrade to version 2.3.0, which fixes the issue.
For Apache Cocoon version 2.2.0, upgrade to version 2.3.0, which fixes the issue.